{"id":6174,"date":"2025-10-23T17:06:30","date_gmt":"2025-10-23T17:06:30","guid":{"rendered":"https:\/\/musictechohio.online\/site\/researchers-severe-vulnerabilities-ai-browser-comet\/"},"modified":"2025-10-23T17:06:30","modified_gmt":"2025-10-23T17:06:30","slug":"researchers-severe-vulnerabilities-ai-browser-comet","status":"publish","type":"post","link":"https:\/\/musictechohio.online\/site\/researchers-severe-vulnerabilities-ai-browser-comet\/","title":{"rendered":"Researchers Find Severe Vulnerabilities in AI Browser"},"content":{"rendered":"<div>\n<p class=\"article-paragraph skip\">A hype cycle as overwhelming and logic-defying as the AI boom comes with its own whirlwind succession of trends that are their own mini booms driven by billions of dollars.<\/p>\n<p class=\"article-paragraph skip\">Once the world got used to large language model-powered AI chatbots, autonomous AI agents became the next big thing. This past year, video-generating models have been <a href=\"https:\/\/futurism.com\/artificial-intelligence\/openai-sora-stephen-hawking-brutalized\">having their time in the sun<\/a> after rapid improvements. What will be the next hot trend? So-called \u201c<a href=\"https:\/\/www.quantamagazine.org\/world-models-an-old-idea-in-ai-mount-a-comeback-20250902\/\" rel=\"nofollow\">world models<\/a>\u201d that can simulate physical environments?<\/p>\n<p class=\"article-paragraph skip\">Maybe. But for now, instead, it\u2019s \u201cAI browsers\u201d designed to supercharge your web experience with machine learning features. OpenAI is currently trying to will this trend into existence with the release of its own web browser called \u201cChatGPT Atlas,\u201d which it <a href=\"https:\/\/openai.com\/index\/introducing-chatgpt-atlas\/\">announced<\/a> Tuesday. 
It reeks of a company bereft of exciting ideas, sure, but if anyone can make it a thing, it would be the makers of the world\u2019s most popular chatbot.<\/p>\n<p class=\"article-paragraph skip\">New research from the web browser company Brave, however, should dampen the enthusiasm for the tech. In a <a href=\"https:\/\/brave.com\/blog\/unseeable-prompt-injections\/\" rel=\"nofollow\">report released Tuesday<\/a>, the company outlined glaring security flaws in Perplexity\u2019s Comet Browser, which allows users to take screenshots on websites so a built-in AI can analyze them and answer questions. According to Brave\u2019s findings, the screenshot feature can be a vector for an attack known as a <a href=\"https:\/\/futurism.com\/easy-jailbreak-every-major-ai-chatgpt\">prompt injection<\/a>, in which a hacker delivers a hidden message to an AI to carry out harmful instructions. These messages can be embedded in malicious webpages designed by the hacker.<\/p>\n<p class=\"article-paragraph skip\">In a video demonstration, the Perplexity AI browser is asked \u201cWho is the author?\u201d of a screenshot of a photograph. Within seconds, the AI opens the user\u2019s personal email and visits a website set up by a hacker. The photograph, it turned out, contained text instructions imperceptible to the human eye \u2014 but the AI extracted and followed them without distinguishing them from the user\u2019s prompt, according to the researchers.<\/p>\n<p class=\"article-paragraph skip\">\u201cThe scariest aspect of these security flaws is that an AI assistant can act with the user\u2019s authenticated privileges,\u201d Brave warned. \u201cAn agentic browser hijacked by a malicious site can access a user\u2019s banking, work email or other sensitive accounts.\u201d<\/p>\n<p class=\"article-paragraph skip\">Prompt injection attacks aren\u2019t new, and have been a cause for concern ever since ChatGPT exploded the popularity of LLMs. 
But the stakes of the havoc they can wreak have been raised with the advent of autonomous AI models, or agents, that can control a user\u2019s desktop unlike a typical chatbot, enabling them to browse the web and access and change files.\u00a0<\/p>\n<p class=\"article-paragraph skip\">Now with AI browsers on the horizon, countless more users are just a button-click away from being exposed to these risks that they\u2019re likely oblivious to. A previous report from Brave showed how another prompt injection attack tricked Perplexity\u2019s Comet browser into potentially <a href=\"https:\/\/futurism.com\/ai-browser-hackers-drain-bank-account-public-reddit-post\">giving hackers access to your bank account<\/a> by showing it a single Reddit post.<\/p>\n<p class=\"article-paragraph skip\">\u201cAI-powered browsers that can take actions on your behalf are powerful yet extremely risky,\u201d the report warned. The attacks \u201cboil down to a failure to maintain clear boundaries between trusted user input and untrusted Web content when constructing LLM prompts while allowing the browser to take powerful actions on behalf of the user.\u201d<\/p>\n<p class=\"article-paragraph skip\">These are problems inherent both to LLMs and their questionable wedding with a web browser. 
In other words, expect these same vulnerabilities to show up in OpenAI\u2019s AI browser, too \u2014 only with millions more people exposed to them.<\/p>\n<p class=\"article-paragraph skip\"><strong>More on AI:<\/strong> <em><a href=\"https:\/\/futurism.com\/artificial-intelligence\/openai-new-allegations-teen-death\">OpenAI Faces New Allegations in Teen\u2019s Death<\/a><\/em><\/p>\n<p>The post <a href=\"https:\/\/futurism.com\/artificial-intelligence\/researchers-severe-vulnerabilities-ai-browser-comet\">Researchers Find Severe Vulnerabilities in AI Browser<\/a> appeared first on <a href=\"https:\/\/futurism.com\/\">Futurism<\/a>.<\/p>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>A hype cycle as overwhelming and logic-defying as the AI boom comes with its own whirlwind succession of trends that are their own mini booms driven by billions of dollars&hellip;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[177,1177,3842],"tags":[],"class_list":["post-6174","post","type-post","status-publish","format-standard","hentry","category-artificial-intelligence","category-cybersecurity","category-future-society"],"_links":{"self":[{"href":"https:\/\/musictechohio.online\/site\/wp-json\/wp\/v2\/posts\/6174","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/musictechohio.online\/site\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/musictechohio.online\/site\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/musictechohio.online\/site\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/musictechohio.online\/site\/wp-json\/wp\/v2\/comments?post=6174"}],"version-history":[{"count":0,"href":"https:\/\/musictechohio.online\/site\/wp-json\/wp\/v2\/pos
ts\/6174\/revisions"}],"wp:attachment":[{"href":"https:\/\/musictechohio.online\/site\/wp-json\/wp\/v2\/media?parent=6174"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/musictechohio.online\/site\/wp-json\/wp\/v2\/categories?post=6174"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/musictechohio.online\/site\/wp-json\/wp\/v2\/tags?post=6174"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}